Burp Suite User Forum
The response states that the content type is application/font-woff2. However, it actually appears to contain unrecognized content. If the URL path can be manipulated to end with ".html", the following browsers may interpret...
In the proxy history and logger history, if you click on the picture, Burp will freeze even though it is only 8kb, but the 1.4mb js file will not freeze. I guess it is because the picture cannot be correctly processed into a...
Repeater won't allow to switch protocol from HTTPS to HTTP ("Configure target details" from upper left pencil icon -> uncheck "HTTPS") when the HTTP request is HTTP/2. It will show an error on the bottom: "HTTP/2 is...
Summary: The resource pools under Settings->Project->Tasks are not saved in Project Settings, despite being identified as a project settings area. Use Case: I am attempting to save a project file and share it with...
With Burp Pro (v2022.12.6) the target IP can be shown in the included Logger function. If the IP of the target changes (e.g. By setting a different IP in the settings, network, connections, hostname resolution overrides)...
all requests in burp i am getting timed out . --------------------------------------------------------------------------------------------------------- SYSTEM...
Hi, I want to mark all the learning materials from SQL Injection Path as complete. But the checkbox is not present in the "Track your progress" section, either on firefox or chromium. Is this on my side ? Thanks !
I've followed the appropriate steps to fully trust the burp cert, but as of iOS 13 this does not work and HTTPS requests fail. Looking at iOS 13 release notes, I found this: https://support.apple.com/en-us/HT210176 -- I...
I was trying to record the API for an application. I observed that the Burp Target page only keeps the record of the last API request if the API endpoint is the same and the REST method is not the same. For example, we...
Hello guys, The hint for this lab is: "Solving this lab requires an understanding of several other web vulnerabilities. If you're still having trouble solving it after several hours, we recommend completing all other...
Hi, the above lab cannot be solved (using the solution, the community solution or 3rd party solutions anyway). The community solution is outdated now, but the comments on the official YT page are also saying they are...
Hello, During my work, i've stumbled across the web application project which uses the Blazor technology. Blazor is .NET framework that uses SignalR library. This leads to use of WebSocket protocol communication in every...
In one of the "Revealing front-end request rewriting" examples, the Content-Length is wrong. POST / HTTP/1.1 Host: vulnerable-website.com Content-Length: 130 Transfer-Encoding: chunked 0 POST /login...
During an assessment it was noticed that if the payload (request to the Collaborator server) includes more than one Collaborator URL, Burp Collaborator reports one connection (single HTTP request) as multiple based on the...
Hello, in the ssrf lab the lab Blind SSRF with Shellshock exploitation is repeated. Regards
NET::ERR_CERT_AUTHORITY_INVALID Help
lab name : Performing CSRF exploits over GraphQL
this is okay : "given any insertion point then" That does not work : "given body insertion point then" my body is...
I'm trying to install the Burp Suite Enterprise Scanning agent on Ubuntu. I'm getting errors when running the below: ``` $ sudo sh burpsuite_enterprise_linux_v2023_6_1.sh -q -varfile response.varfile Unpacking JRE...
I've started to get this issue more and more... seems to not happen after a fresh restart. I open Chromium and try and go to my lab and get 'ERR_TUNNEL_CONNECTION_FAILED'... If I get that, I cannot surf to any sites (...
Page 30 of 152
Your source for help and advice on all things Burp-related.